[Samba] Why is Samba4 not recommended as a file server?
mathias dufresne
infractory at gmail.com
Thu Jul 28 10:53:57 UTC 2016
2016-07-28 12:27 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 28/07/16 10:32, mathias dufresne wrote:
>
>> Can you explain why it would be an issue giving GID to "Domain Admins"
>> group?
>>
>>
> This is because Domain Admins has to own group policies in sysvol, not as
> a group but as a user. If you give Domain Admins a gidNumber, it becomes
> purely a group, so it cannot own the group policies as a user.
>
> This need sounds very strange to me... Why a group would need to be
considered as a user?
I noticed earlier that groups are considered as users when it comes to
sysvol's ACLs. I thought it was because Samba was treating with XID rather
than UID and GID, and that use of XID is not precise enough to make
difference between users and groups, so to be sure Samba was putting ACL on
both sides (user ACL and group ACL). All that tought because Samba relies
on idmap and in idmap.ldb there is no UID/GID but only XID.
I don't think Windows clients are expecting to find groups in users' ACLs
so I'm really wondering why that would be an issue...
More information about the samba
mailing list